Compare commits

...

71 Commits

Author SHA1 Message Date
Blade of Darkness 0d9cb09675 Fix: print user queue option 4 months ago
Blade of Darkness bd75aee404 Add user queue management script 4 months ago
Blade of Darkness 9260fcd6cb Move functions and include them 4 months ago
Blade of Darkness fa2b0006d2 Add user queue path 4 months ago
Blade of Darkness 77642a9c1b Double quotes are no longer needed 5 months ago
Blade of Darkness a705b5cdc3 Fix remove user's home directory 5 months ago
Blade of Darkness 23e14fa75b Move Backup user data to an optional function 5 months ago
Blade of Darkness 8fd0421e7b Changes from makeuser_ansible function to reading from a file 7 months ago
Blade of Darkness 93ffa85803 Username already passed lowercased from signup.php 11 months ago
Blade of Darkness 6e01b8dbbf Username already passed lowercased from signup.php 11 months ago
Blade of Darkness cebb380022 Username already passed lowercased from signup.php 11 months ago
Blade of Darkness bc4e2dc31c Use setenv variable 12 months ago
Blade of Darkness 6ab305d094 Fix: passing parameters to a function 1 year ago
Blade of Darkness 4f55bd736b Leave this as before 1 year ago
Blade of Darkness 79e7cfb13f Username downcased because of quirks 1 year ago
Blade of Darkness 35cff1a7b9 Move ansible section to its function 1 year ago
Blade of Darkness 35cc77bca6 Move arguments check 1 year ago
Blade of Darkness 4acb88e843 Fix quotes for variable syntax 1 year ago
Ubergeek 3f68c82de8 Fixed redirect for banned user list 1 year ago
Blade of Darkness 5f218c20bb Show --baned with optional parameter syntax 1 year ago
Ubergeek b6bf5d4c39 fixed usage 1 year ago
Blade of Darkness 43e4711c69 multiple recipients together 1 year ago
Blade of Darkness 75ea7695ca user account unenforced by rmuser script 1 year ago
Blade of Darkness 75c4dc712d Use YAML_FILE from setenv 1 year ago
Blade of Darkness 2e73d2585f only move to once 1 year ago
Blade of Darkness 694cd17843 define remove_user() function before to call it 1 year ago
Blade of Darkness ba830c97ec Check that username is not in the banned list 2 years ago
Blade of Darkness 334f222e3d outlaws goes to theusers.banned list 2 years ago
Blade of Darkness f9c526342e move code to a function and add usage options 2 years ago
Ubergeek e74b9287dc Ooops, somehow an extra echo ended up in there 2 years ago
Ubergeek b38c5462fa Fixed the chmod for recovery 2 years ago
Ubergeek f1a8ddbe96 Changed the recovery creation, gotta use sudo tee 2 years ago
Blade of Darkness 3fc04817f3 Fix: For sanity sake, make mkdir use a -p flag 2 years ago
Blade of Darkness cfaa559559 Merge branch 'master' of ttm.sh:thunix/makeuser 2 years ago
Blade of Darkness d6e3f49216 Add recovery account email template 2 years ago
Blade of Darkness f69281a0d7 For sanity sake, make mkdir use a -p flag 2 years ago
Blade of Darkness ea619e7a23 Fix execute chown as su 2 years ago
Blade of Darkness 017872be5d Set user account owner 2 years ago
Blade of Darkness a03c58b202 Added Recovery Account function to makeuser script 2 years ago
Ubergeek 2faf2d9d0a Updated email template to include recovery info 2 years ago
Blade of Darkness 64cdfacdb2 add parameters to makeuser_no_ansible function call, to use local variables 2 years ago
Blade of Darkness 4574a848a1 move common code in both makeuser and makeuser_no_ansible to include/functions 2 years ago
Blade of Darkness de5d356d9c email already in setenv as ADMIN_EMAIL 2 years ago
Blade of Darkness 9026f181f8 functions moved to include/functions 2 years ago
Blade of Darkness f3a9e42163 rename tmpl folder to include, for other contents 2 years ago
Blade of Darkness 3c779185d4 define YAML_FILE in setenv 2 years ago
Blade of Darkness 29902891c0 define EMAIL_TEMPLATE and TILDE_JSON in setenv 2 years ago
Blade of Darkness ae758c6f1a define LIST_NAME in setenv 2 years ago
Blade of Darkness 3bff655fbc ADMIN_EMAIL and REPO_LOCATION defined in setenv 2 years ago
Ubergeek 01683bb523 One setenv to rule them all! 2 years ago
Blade of Darkness 2f22ceacef create-znc_account.sh no longer works since znc-1.7.1 2 years ago
Blade of Darkness 6942fb76d6 place .tmpl files into tmpl folder 2 years ago
Blade of Darkness 4cc31809f4 adding unsubscribe from mailing list to rmuser 2 years ago
Ubergeek 01818e1a25 Splitting out personal configs 2 years ago
Ubergeek 2c8c3bdfb0 Including tilde.json 2 years ago
Ubergeek 0d26c64916 Updated rmuser to put backups in a better place 2 years ago
Ubergeek d076f4908b Updated README 3 years ago
Ubergeek 3e3838aef2 Adding a db removal tool. 3 years ago
Ubergeek 9bf8982535 Adding db provisioning tool 3 years ago
Ubergeek cbcb6d2e0e Fixed up rmuser 3 years ago
Ubergeek 703152887c Adding some more to rmuser 3 years ago
Ubergeek 6cb4e90d5b Adding tool to remove user accounts as well 3 years ago
Ubergeek dd223d8a8e Adding cc to admin_email for new user creations 3 years ago
Ubergeek 578fc43d2a Ok, finally fixed it for good 3 years ago
Ubergeek d65faae958 Updated template 3 years ago
Ubergeek 092cbdf86f Tossing in the towel. Cannot get the znc portion to work, like, at all 3 years ago
Ubergeek 1bc4d9715b *Mostly* working 3 years ago
Ubergeek 5f10b2f431 Adding user testuser 3 years ago
Ubergeek 330b7b96bd Updated readme 3 years ago
Ubergeek 2d0ba2f250 Updated templed 3 years ago
Ubergeek 82ce5d58ad Modified for thunix 3 years ago
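  1. README.md (24 changed lines)
  2. dbremove (15 changed lines)
  3. email.tmpl (43 changed lines)
  4. gen_tdp (62 changed lines)
  5. include/account_recovery.tmpl (8 changed lines)
  6. include/ansible.sh (24 changed lines)
  7. include/dbemail.tmpl (7 changed lines)
  8. include/email.tmpl (28 changed lines)
  9. include/functions (70 changed lines)
  10. makedb (16 changed lines)
  11. makeuser (45 changed lines)
  12. makeuser_no_ansible (34 changed lines)
  13. rmuser (26 changed lines)
  14. setenv (15 changed lines)
  15. userqueue (28 changed lines)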

24
README.md

@ -1,3 +1,25 @@
# makeuser
A script that allows admins of tilde.team to make user accounts easily.
A script that allows admins of thunix to make user accounts easily.
Forked from tilde.team's makeuser repo.
``makeuser {username} {email} {ssh key}
# rmuser
This tool archives the user's home dir, and removes the system account. It is assume that beforehand, the user is un-enforced in ansible.
``rmuser {username}
# makedb
Upon request, this tool provisions a database for users on the system MySQL/MariaDB instance.
``makedb {username}
# dbremove
Removes user dbs.
``dbremove {username}
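Review bot: The rmuser section says the tool "archives the user's home dir", but the rmuser script in this same change only calls backup_user_data when `--backup` is passed, so by default the home directory is deleted without an archive. Document the `--banned` and `--backup` options in the usage line here, correct "It is assume" to "It is assumed", and close the `` fences that open each usage line.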

15
dbremove

@ -0,0 +1,15 @@
#!/bin/bash
CONFIG=./setenv
. $CONFIG
USER=$1
sudo mysqldump -u root $USER > /tmp/$USER.sql
sudo mv /tmp/$USER.sql /root/$USER.sql
sudo mysql -u root << _EOF
DROP DATABASE $USER;
FLUSH PRIVILEGES;
_EOF
echo "The databases for $USER has been archived, and removed." | sudo mail -s "Database for $USER has been removed" $ADMIN_EMAIL
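Review bot: `USER=$1` is used unvalidated and unquoted in `DROP DATABASE $USER;` and in the path `/tmp/$USER.sql`, so an empty argument or one containing spaces, slashes or SQL punctuation changes what these root commands act on. Reject anything that is not a plain account name before the first sudo call (for example a check against `^[a-z][a-z0-9_-]*$`), quote the expansions, and backtick-quote the database identifier. The dump is also written to a predictable name in /tmp by the caller's shell, with the caller's umask, before being moved to /root; create it directly in a root-only directory, or with mktemp and a restrictive umask, so other local users cannot read or pre-create it. Assigning to `USER` also overwrites the standard environment variable; a name such as `DBUSER` avoids that.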

43
email.tmpl

@ -1,43 +0,0 @@
Subject: welcome to tilde.team!
hey ~newusername,
welcome to tilde.team!
your new account has been established. you can ssh into tilde.team with
the ssh key you supplied on registration.
your password is "newpassword". please change it when you log in for
the first time. the password is used for imap/smtp auth, not shell login,
which is set to only use ssh key authentication.
to get started, type `motd` at the command prompt to see a few ways to
get started. have fun!
the greatest value of tilde.team is not the services provided by the
server, but rather the interesting and welcoming community built by its
users. this is possible because of people like you who choose to make
this a great place. the best way you can help tilde.team is by working
to support a great system culture. chat on irc; build cool programs and
share them with others; focus on learning, and help others learn; be a
good example for others; have fun!
also, your ~/public_html directory is served at
https://tilde.team/~newusername/
(you can also use https://newusername.tilde.team)
check out our wiki at https://tilde.team/wiki/ for more information (and
maybe help us write a new wiki article:)
our irc is tilde.chat, an irc network connecting several
tilde servers. the `chat` command on your ~team shell will open up
weechat with some nice default configs and plugins.
see our wiki article (https://tilde.team/wiki/?page=irc)
or https://tilde.chat site for information on how to connect from elsewhere.
we also have a webclient at https://irc.tilde.team that you can
register for by running the `webirc` command from a shell session.
we look forward to seeing you around! welcome to the ~team!
~tilde.team admins

62
gen_tdp

@ -0,0 +1,62 @@
#!/bin/bash
###############################################################################
#
# $0 A bash script to generate the tilde.json file as described by
# http://protocol.club/~datagrok/beta-wiki/tdp.html
#
# This command takes no arguments, and sends outputs to stdout.
# Version 1.2
#
# Licensed under a the AGPL 3.0 or later, by Ubergeek (ubergeek@thunix.net)
# https://www.gnu.org/licenses/gpl-3.0.en.html
#
###############################################################################
CONFIG=./setenv
if [ ! -f "$CONFIG" ]; then
echo "Config file does not exist, or not at the location specified. Please create the file, or correct the location."
exit 1
fi
. $CONFIG
cat << _EOF
{
"name" : "$SITE_TITLE",
"url" : "$SITE",
"want_users":$WANT_USERS,
"admin_email": "$ADMIN_EMAIL",
"signup_url": "$SIGNUP_URL",
"description": "$DESCRIPTION",
_EOF
echo -ne "\t\"user_count\":"
echo $(for i in $(members tilde); do echo $i; done | sort | uniq | wc -l)","
echo -e "\t\"generated_at\" : \"$(date)\","
echo -e "\t\"uptime\" : \"$(uptime | cut -f1 -d,)\","
member_count=$(for i in $(members tilde); do echo $i; done | sort | uniq | wc -l)
echo -e "\t\"users\": ["
for i in $(for i in $(members tilde); do echo $i; done | sort | uniq); do
let count=$count+1
echo -e "\t{\n\t\t\"user_name\": \"$i\","
set mod_time= "$(stat -c '%Y' /home/$i/public_html/index.* 2> /dev/null | head -n1)"
if [ ! "$mod_time" == "" ]; then
echo -e "\t\t\"mtime\" : \"0\","
else
echo -e "\t\t\"mtime\" : \"$(stat -c '%Y' /home/$i/public_html/index.* 2> /dev/null | head -n1)\","
fi
echo -e "\t\t\"title\" : \""$(curl -L $SITE/~$i -so - |grep -iPo '(?<=<title>)(.*)(?=</title>)')"\""
if [ $count -eq $(for i in $(members tilde); do echo $i; done | sort | uniq | wc -l) ]; then
echo -e "\t}"
else
echo -e "\t},"
fi
done
echo -e "\t],"
echo -e "\t\"generated_by\":\"bash_tdp\""
echo "}"
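Review bot: `set mod_time= "$(stat ...)"` does not assign a variable; `set` replaces the positional parameters, so `$mod_time` is always empty and the `if` always falls through to the `else` branch, which prints an empty `mtime` for users with no index file. The test is also inverted relative to its apparent intent, since it would print "0" when a timestamp was found. Use `mod_time=$(stat ...)` and emit "0" only when it is empty. Separately, `$i`, the `<title>` text fetched with curl and the setenv values are pasted into the JSON unescaped; the title is user-controlled page content, so a double quote or backslash in it produces invalid or altered JSON. Build the output with a JSON-aware tool such as jq, or escape each value. The header says AGPL 3.0 but links to the GPL 3.0 text.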

8
include/account_recovery.tmpl

@ -0,0 +1,8 @@
Hello _username_;
Please click the following link to recover your account:
https://thunix.net/user/recover_account?code=CODE
Not working? Try copying and pasting it to your browser.

24
include/ansible.sh

@ -0,0 +1,24 @@
currdir=`pwd`
cd $REPO_LOCATION; git pull
echo "---
- name: Setting up $1
user:
name: $1
groups: tilde
state: present
skeleton: /etc/skel
shell: /bin/bash
system: no
createhome: yes
home: /home/$1
- authorized_key:
user: $1
state: present
key: \"$3\"" > $REPO_LOCATION/roles/shell/tasks/users/$YAML_FILE
echo "- include: users/$YAML_FILE" >> $REPO_LOCATION/roles/shell/tasks/users.yml
git add $REPO_LOCATION/roles/shell/tasks/users/$YAML_FILE
git commit -am "Adding user $1"
git push
cd $currdir
$GEN_TDP | sudo tee $TILDE_JSON
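Review bot: `cd $REPO_LOCATION; git pull` does not check that the cd succeeded, so if the path is wrong the later `git add`, `git commit -am` and `git push` run in whatever repository the caller was in. Use `cd "$REPO_LOCATION" || error_exit ...` and check the result of `git pull` before writing. The username `$1` and key `$3` are also written into the task file unescaped inside `key: \"$3\"`; a key containing a double quote or newline changes the YAML that is committed and later applied by Ansible, so validate that `$3` is a single well-formed public key line (for example with `ssh-keygen -l -f`) and that `$1` is a plain account name before generating the file.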

7
include/dbemail.tmpl

@ -0,0 +1,7 @@
Hello _username_;
Your database has been provisioned. Information below should be used to connect to it:
Database name: _username_
Database user: _username_
Password: _password_

28
include/email.tmpl

@ -0,0 +1,28 @@
Welcome to thunix, newusername!
Your account has been provisioned, and should be available in a few
minutes for login. Your password is newpassword
Any questions, concerns, comments, etc etc? Join us
in IRC at irc.tilde.chat/6697, in #thunix, or via webchat:
https://web.tilde.chat/?join=thunix
Also, check out our git repos, that pretty much manage the whole of the
system at https://tildegit.org/thunix, and feel free to open issues and PRs.
Also, there is system documentation available via 'man thunix', from the
command line.
Also, we do expect you periodically check your email, as that is where
you'll be able to get updates and announcements. You can do so via
webmail, or by using mutt from the command line (Or, the imap client of
your choice.
A recovery file has been written at ~/.thunix/recovery. This file
currently contains your email address. You can remove this file at any
time, or change it to whatever email address you would like to use to
recover your account. You can also replace the email with a passphrase.
However, if this file does not exist, or contains outdated information, we
will not be able to assist in recovering your account.
Finally, welcome aboard!
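Review bot: The parenthesis opened at "(Or, the imap client of your choice." is never closed. The template also mails the initial password in clear text and, unlike the tilde.team template removed in this change, no longer asks the user to change it on first login; add that instruction back, or stop sending the password and have the user set one after logging in with their SSH key.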

70
include/functions

@ -0,0 +1,70 @@
#!/bin/bash
#Common functions used for several makeuser scripts
error_exit() {
echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2
exit 1
}
usage() {
echo -e "usage: $PROGNAME [-h|--help] <username> <email> <pubkey>"
}
sub_to_list() {
echo "From: $1 Subject: subscribe" | sudo -u $1 mail $LIST_NAME
}
makeuser_no_ansible()
{
echo "adding new user $1"
newpw=`pwgen -1B 10`
pwcrypt=$(perl -e "print crypt('${newpw}', 'sa');")
sudo useradd -m -g 1000 -p $pwcrypt -s /bin/bash $1 || exit 1
#This is the welcome for team.
#sed -e "s/newusername/$1/g" -e "s/newpassword/$newpw/" $EMAIL_TEMPLATE | sudo mail $1 $2 $ADMIN_EMAIL
#This is the welcome email for thunix
sed -e "s/newusername/$1/g" -e "s/newpassword/$newpw/g" include/email.tmpl | sudo mail -s "Welcome to Thunix!" $2,$ADMIN_EMAIL
sub_to_list $1
#We don't need this for thunix, since ansible will do it
#echo "$3" | tee /home/$1/.ssh/authorized_keys
#If root doesn't have a fediverse account, comment this out
#sudo toot "welcome new user ~$1!"
}
add_account_recovery()
{
sudo mkdir -p --mode=700 /home/$1/.thunix
echo $2 | sudo tee /home/$1/.thunix/recovery
sudo chmod 600 /home/$1/.thunix/recovery
sudo chown -R $1 /home/$1/.thunix
}
remove_user()
{
echo "Unsubscribe from this list..."
echo "From: $1 Subject: unsubscribe " | sudo -u $1 mail $LIST_NAME
echo "Deleting account from system..."
sudo userdel $1
sudo rm -rf /home/$1
echo "$1 user account is unenforced in ansible..."
currdir=`pwd`
cd $REPO_LOCATION; git pull
sed -i "/$1/d" $REPO_LOCATION/roles/shell/tasks/users.yml
rm $REPO_LOCATION/roles/shell/tasks/users/$YAML_FILE
git commit -am "$1 account unenforced in ansible"
git push
cd $currdir
echo "User $1 removed from system." | sudo mail -s "User Account $1 removed from Thunix" $ADMIN_EMAIL
}
backup_user_data()
{
echo "Archiving home dir..."
sudo tar cfz /root/backups/$1.tgz /home/$1
}
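Review bot: In remove_user, `sudo userdel $1` and `sudo rm -rf /home/$1` take `$1` unquoted and unchecked, so an empty or malformed argument turns the delete into `rm -rf /home/`; refuse to continue unless `$1` is non-empty, matches a plain account name, and `/home/$1` is that user's home. `sed -i "/$1/d"` on users.yml removes every line containing the name as a substring, so removing one user also drops the include for any user whose name contains it; match the exact `- include: users/$1.yml` line instead. In makeuser_no_ansible, `crypt('${newpw}', 'sa')` produces a traditional DES hash with a fixed salt, which uses only the first eight characters of the password, and the clear-text password is passed on the perl command line where it can appear in the process list; pipe `user:password` to `chpasswd` so the system's configured hash scheme is used.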

16
makedb

@ -0,0 +1,16 @@
#!/bin/bash
USER=$1
PASSWORD=`pwgen -1B 24`
CONFIG=./setenv
. $CONFIG
sudo mysql -u root << _EOF
CREATE DATABASE $USER;
GRANT ALL PRIVILEGES ON $USER.* TO '$USER'@'localhost' IDENTIFIED BY '$PASSWORD';
FLUSH PRIVILEGES;
_EOF
sed -e "s/_username_/$USER/g" -e "s/_password_/$PASSWORD/g" include/dbemail.tmpl | sudo mail -s "Your database has been provisioned" $USER@thunix.net
sed -e "s/_username_/$USER/g" -e "s/_password_/$PASSWORD/g" include/dbemail.tmpl | sudo mail -s "Your database has been provisioned" $ADMIN_EMAIL
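Review bot: `$USER` comes straight from `$1` and is interpolated into `CREATE DATABASE $USER;` and the GRANT statement with no validation, and the script never checks that an argument was given or that the account exists. Validate it as a plain account name before calling mysql and backtick-quote the identifier. The second sed line also sends the user's database password to `$ADMIN_EMAIL`; send admins a notification without the `_password_` substitution so the credential exists in only one mailbox.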

45
makeuser

@ -1,29 +1,20 @@
#!/bin/bash
# ---------------------------------------------------------------------------
# makeuser - tilde.team new user creation
# makeuser - tilde new user creation
# Usage: makeuser [-h|--help] <username> <email> "<pubkey>"
# ---------------------------------------------------------------------------
#
# Forked from tilde.team's make user script (
PROGNAME=${0##*/}
VERSION="0.1"
error_exit() {
echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2
exit 1
}
VERSION="0.4"
GEN_TDP="./gen_tdp"
CONFIG=./setenv
usage() {
echo -e "usage: $PROGNAME [-h|--help] <username> <email> \"<pubkey>\""
}
. $CONFIG
sub_to_list() {
echo "
From: $1
Subject: subscribe
" | sudo -u $1 sendmail tildeteam-join@lists.tildeverse.org
}
source include/functions
[[ $(id -u) != 0 ]] && error_exit "you must be the superuser to run this script."
[[ $(id -u) == 0 ]] && error_exit "Do not run this script as root."
case $1 in
-h | --help)
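Review bot: `CONFIG=./setenv` and `source include/functions` are resolved relative to the caller's current directory, so running makeuser from anywhere else either fails or sources a different setenv and functions file into a script that goes on to run sudo commands. Resolve both against the script's own directory (for example from `${BASH_SOURCE[0]}`) and exit if either file is missing, as gen_tdp already does for setenv.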
@ -32,16 +23,16 @@ case $1 in
usage; error_exit "unknown option $1" ;;
*)
[[ $# -ne 3 ]] && error_exit "not enough args"
echo "adding new user $1"
newpw=$(pwgen -1B 10)
pwcrypt=$(perl -e "print crypt('${newpw}', 'sa');")
useradd -m -g 100 -p $pwcrypt -s /bin/bash $1 || exit 1
$(sudo grep -qiw $1 $BANNED) && error_exit "$1 is on the ban list!"
sed -e "s/newusername/$1/g" -e "s/newpassword/$newpw/" email.tmpl | sendmail $1 $2 sudoers@tilde.team
sub_to_list $1
sudo -u znc /home/znc/add_znc_user.sh $1
#adding new user
makeuser_no_ansible $1 $2
add_account_recovery $1 $2
echo "$3" | tee /home/$1/.ssh/authorized_keys
toot "welcome new user ~$1!" ;;
#Thunix specific section
source include/ansible.sh
# End Thunix specific section
;;
esac
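Review bot: `$(sudo grep -qiw $1 $BANNED) && error_exit ...` only works because the command substitution expands to nothing and the shell falls back to its exit status; write it as `if sudo grep -qixF -- "$1" "$BANNED"; then error_exit ...; fi`. As written `$1` is treated as a regular expression and `-w` matches a word inside a longer line, so the ban check can over-match; `-x -F` compares whole lines literally. The username is also not checked for allowed characters before it reaches useradd, the YAML file name and the mail commands, so add that check ahead of the ban lookup.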

34
makeuser_no_ansible

@ -0,0 +1,34 @@
#!/bin/bash
# ---------------------------------------------------------------------------
# makeuser - tilde new user creation
# Usage: makeuser [-h|--help] <username> <email> "<pubkey>"
# ---------------------------------------------------------------------------
#
# Forked from tilde.team's make user script (
PROGNAME=${0##*/}
VERSION="0.4"
CONFIG=./setenv
. $CONFIG
source include/functions
[[ $(id -u) == 0 ]] && error_exit "Do not run this script as root."
case $1 in
-h | --help)
usage; exit ;;
-* | --*)
usage; error_exit "unknown option $1" ;;
*)
[[ $# -ne 3 ]] && error_exit "not enough args"
$(sudo grep -qiw $1 $BANNED) && error_exit "$1 is on the ban list!"
#adding new user
makeuser_no_ansible $1 $2
add_account_recovery $1 $2
;;
esac
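Review bot: The script insists on three arguments with `[[ $# -ne 3 ]]` and the usage text names `<pubkey>`, but only `$1` and `$2` are passed on and the `authorized_keys` line in include/functions is commented out, so on this path the supplied key is never installed and the account is created without it. Either install `$3` into `/home/$1/.ssh/authorized_keys` with the right owner and mode 600, or drop the third argument from the check and the usage text. The header comment still says "makeuser" and ends in an unfinished "(" after "make user script".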

26
rmuser

@ -0,0 +1,26 @@
#!/bin/bash
CONFIG=./setenv
. $CONFIG
source include/functions
if [ -z $1 ]
then
echo -e "Usage: `basename $0` username [ --banned ][ --backup ]"
else
echo "This will remove user account $1 from Thunix."
echo "It is assumed the user account has been un-enforced in Ansible as well."
echo "Killing user processes..."
sudo pkill -9 -U $1
if [ -n $2 ]
then
[[ $2 == --backup ]] && backup_user_data $1
[[ $2 == --banned ]] && echo $1 | sudo tee -a $BANNED
fi
remove_user $1
fi
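Review bot: Nothing checks that `$1` is an existing, non-system account before `sudo pkill -9 -U $1` and `remove_user $1` run, so a typo or the name of a service account is acted on with root privileges; look the user up with `id -u` and refuse UIDs below the normal user range. `[ -z $1 ]` and `[ -n $2 ]` need quotes: with `$2` empty, `[ -n ]` is true, so the inner block always runs. Only `$2` is inspected, so `--banned` and `--backup` cannot be combined even though the usage line shows both; loop over the remaining arguments instead.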

15
setenv

@ -0,0 +1,15 @@
# Set location to your repo for ansible here
# It is only needed for thunix
export REPO_LOCATION="/home/ubergeek/repos/ansible/"
export SITE_TITLE="Thunix"
export SITE="https://thunix.net"
export WANT_USERS="true"
export ADMIN_EMAIL="root@thunix.net"
export SIGNUP_URL="https://thunix.net/signup"
export DESCRIPTION="Thunix is a community, centered around access to a public *nix system. Thunix offers shell accounts with complete set of programming tools, and follows a continuous integration-continuous deployment of system configuration."
export LIST_NAME="thunix-join@lists.tildeverse.org"
export EMAIL_TEMPLATE="include/email.tmpl"
export TILDE_JSON="/var/www/thunix.cf/tilde.json"
export YAML_FILE="$1.yml"
export BANNED="/root/users.banned"
export USERQUEUE="/dev/shm/userqueue"
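Review bot: `USERQUEUE="/dev/shm/userqueue"` puts the signup queue in a world-writable directory on a shared shell host, and userqueue later edits that file with `sudo sed -i`; keep it in a directory writable only by the signup service and admins. `YAML_FILE="$1.yml"` is fixed at the moment the file is sourced, from whatever the caller's first argument is, so in userqueue it becomes `u.yml`, `f.yml` or `d.yml`; derive it inside the functions that use it. `REPO_LOCATION` is hard-coded to one admin's home directory; a local override file that is not committed would keep personal paths out of the repository.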

28
userqueue

@ -0,0 +1,28 @@
#!/bin/bash
# ---------------------------------------------------------------------------
# Thunix user queue management
# ---------------------------------------------------------------------------
source setenv
if [ $# -eq 0 ]
then
echo -e "usage: $0 [u][f][d][a] username"
echo "(u) Print users in queue"
echo "(f) Shows the fields of the selected user"
echo "(a) Accept sign up request"
echo "(d) Delete selected user from queue"
else
if [ $1 = "u" ]
then
awk -F, '{print $1}' $USERQUEUE
else
if [ $# -ne 2 ]
then
echo -e "usage: $0 <$1> <username>"
else
[ $1 = "f" ] && grep -w $2 $USERQUEUE | awk -F, '{print $1, $2, $3}'
[ $1 = "d" ] && sudo sed "/$2/d" -i $USERQUEUE
fi
fi
fi
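Review bot: `sudo sed "/$2/d" -i $USERQUEUE` deletes every line that contains `$2` anywhere, as a regular expression, so deleting one request can remove others whose name or email contains the same text, and characters such as `/` in `$2` change the sed program that runs as root. Compare the first comma-separated field exactly instead, as in `awk -F, -v u="$2" '$1 != u'` written to a temporary file and moved into place; the same applies to `grep -w $2` in the `f` branch, which matches any field. The usage text lists `(a) Accept sign up request` but no branch handles `a`.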